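Octavia API Auditing
The keystonemiddleware audit middleware supports delivery of Cloud Auditing Data Federation (CADF) audit events via the Oslo messaging notifier capability. Based on the notification_driver configuration, audit events can be routed to the messaging infrastructure (notification_driver = messagingv2) or to a log file (notification_driver = log).
More information about the CADF format can be found on the DMTF Cloud Auditing Data Federation website.
The audit middleware creates two events for each REST API interaction. The first event contains information extracted from the request data, and the second event contains the result of the request (the response).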
Configuring Octavia API Auditing
Auditing can be enabled by making the following changes to the Octavia configuration file on your Octavia API instances.
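Enable auditing
[audit]
...
enabled = True
Optionally specify the location of the audit map file
[audit]
...
audit_map_file = /etc/octavia/octavia_api_audit_map.conf
The default audit map file location is /etc/octavia/octavia_api_audit_map.conf.
Copy the audit map file from the octavia/etc/audit directory to the location specified in the previous step. A sample file is provided in octavia/etc/audit/octavia_api_audit_map.conf.sample.
Optionally specify the REST HTTP methods you do not want to audit
[audit]
...
ignore_req_list =
Specify the driver to use for sending the audit notifications
[audit_middleware_notifications]
...
driver = log
The driver options are: messaging, messagingv2, routing, log, noop
Optionally specify the messaging topic
[audit_middleware_notifications]
...
topics =
Optionally specify the messaging transport URL
[audit_middleware_notifications]
...
transport_url =
Restart your Octavia API processes.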
Example Audit Events
Request
{
    "event_type": "audit.http.request",
    "timestamp": "2018-10-11 22:42:22.721025",
    "payload": {
        "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
        "eventTime": "2018-10-11T22:42:22.720112+0000",
        "target": {
            "id": "octavia",
            "typeURI": "service/load-balancer/loadbalancers",
            "addresses": [{
                "url": "http://10.21.21.53/load-balancer",
                "name": "admin"
            }, {
                "url": "http://10.21.21.53/load-balancer",
                "name": "private"
            }, {
                "url": "http://10.21.21.53/load-balancer",
                "name": "public"
            }],
            "name": "octavia"
        },
        "observer": {
            "id": "target"
        },
        "tags": ["correlation_id?value=e5b34bc3-4837-54fa-9892-8e65a9a2e73a"],
        "eventType": "activity",
        "initiator": {
            "typeURI": "service/security/account/user",
            "name": "admin",
            "credential": {
                "token": "***",
                "identity_status": "Confirmed"
            },
            "host": {
                "agent": "openstacksdk/0.17.2 keystoneauth1/3.11.0 python-requests/2.19.1 CPython/2.7.12",
                "address": "10.21.21.53"
            },
            "project_id": "90168d185e504b5580884a235ba31612",
            "id": "2af901396a424d5ca9dffa725226e8c7"
        },
        "action": "read/list",
        "outcome": "pending",
        "id": "8cf14af5-246e-5739-a11e-513ca13b7d36",
        "requestPath": "/load-balancer/v2.0/lbaas/loadbalancers"
    },
    "priority": "INFO",
    "publisher_id": "uwsgi",
    "message_id": "63264e0e-e60f-4adc-a656-0d87ab5d6329"
}
Response
{
    "event_type": "audit.http.response",
    "timestamp": "2018-10-11 22:42:22.853129",
    "payload": {
        "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
        "eventTime": "2018-10-11T22:42:22.720112+0000",
        "target": {
            "id": "octavia",
            "typeURI": "service/load-balancer/loadbalancers",
            "addresses": [{
                "url": "http://10.21.21.53/load-balancer",
                "name": "admin"
            }, {
                "url": "http://10.21.21.53/load-balancer",
                "name": "private"
            }, {
                "url": "http://10.21.21.53/load-balancer",
                "name": "public"
            }],
            "name": "octavia"
        },
        "observer": {
            "id": "target"
        },
        "tags": ["correlation_id?value=e5b34bc3-4837-54fa-9892-8e65a9a2e73a"],
        "eventType": "activity",
        "initiator": {
            "typeURI": "service/security/account/user",
            "name": "admin",
            "credential": {
                "token": "***",
                "identity_status": "Confirmed"
            },
            "host": {
                "agent": "openstacksdk/0.17.2 keystoneauth1/3.11.0 python-requests/2.19.1 CPython/2.7.12",
                "address": "10.21.21.53"
            },
            "project_id": "90168d185e504b5580884a235ba31612",
            "id": "2af901396a424d5ca9dffa725226e8c7"
        },
        "reason": {
            "reasonCode": "200",
            "reasonType": "HTTP"
        },
        "reporterchain": [{
            "reporterTime": "2018-10-11T22:42:22.852613+0000",
            "role": "modifier",
            "reporter": {
                "id": "target"
            }
        }],
        "action": "read/list",
        "outcome": "success",
        "id": "8cf14af5-246e-5739-a11e-513ca13b7d36",
        "requestPath": "/load-balancer/v2.0/lbaas/loadbalancers"
    },
    "priority": "INFO",
    "publisher_id": "uwsgi",
    "message_id": "7cd89dce-af6e-40c5-8634-e87d1ed32a3c"
}
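In the sample events above, the request and the response carry the same payload id. The following Python code is an added example, not part of the Octavia documentation or code base: it pairs events on that id and reports responses whose outcome is not "success" as well as requests that never received a response event. It assumes each event is available as one JSON string; the sample events, the "failure" outcome value, and the names pair_events and _event are constructed for illustration.

```python
import json

def _event(kind, event_id, action, outcome, code=None):
    """Build one constructed event carrying only the fields used below."""
    payload = {"id": event_id, "action": action, "outcome": outcome,
               "initiator": {"id": "user-a", "host": {"address": "192.0.2.10"}}}
    if code:
        payload["reason"] = {"reasonCode": code, "reasonType": "HTTP"}
    return json.dumps({"event_type": "audit.http." + kind, "payload": payload})

# Constructed sample data (not real audit output): one JSON event per item.
SAMPLE = [
    _event("request", "evt-1", "read/list", "pending"),
    _event("response", "evt-1", "read/list", "success", "200"),
    _event("request", "evt-2", "delete", "pending"),
    _event("response", "evt-2", "delete", "failure", "403"),
    _event("request", "evt-3", "create", "pending"),  # response never logged
]

def pair_events(lines):
    """Pair request and response events on payload.id.

    Returns (findings, unanswered). findings holds unparseable input,
    responses with no matching request, and responses whose outcome is not
    "success". unanswered lists ids of requests with no response event.
    """
    pending, findings = {}, []
    for line in lines:
        try:
            event = json.loads(line)
            kind, payload = event["event_type"], event["payload"]
            event_id = payload["id"]
        except (ValueError, KeyError, TypeError):
            findings.append(("unparseable", line[:60]))
            continue
        if kind == "audit.http.request":
            pending[event_id] = payload
        elif kind == "audit.http.response":
            if pending.pop(event_id, None) is None:
                findings.append(("response-without-request", event_id))
            if payload.get("outcome") != "success":
                code = payload.get("reason", {}).get("reasonCode")
                who = payload.get("initiator", {}).get("id")
                findings.append(("non-success", event_id, who,
                                 payload.get("action"), code))
    return findings, sorted(pending)

if __name__ == "__main__":
    findings, unanswered = pair_events(SAMPLE)
    print(findings, unanswered)
```

A request left in the unanswered list is worth investigating on its own, since it means the API process logged the start of an interaction but never its result.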